The attack is believed to be part of protests against US government surveillance programs revealed this month.

Security firm McAfee discovered the app on third-party Android app sites. In a blogpost, McAfee researcher Irfan Asrar said the program initially appeared to do everything that the official app did.

However, he wrote, code added to the cloned version copied and sent information to a command-and-control server every time the phone was re-started. Once it made contact, the app tried to download extra code that included the anti-government images and messages.

A timer in this extra code waited for 4 July and then changed the app's wallpaper from pictures of album artwork and Jay-Z to that of President Obama wearing headphones. Above his image were the words "Yes we scan"- believed to be a reference to the NSA's extensive Prism scanning system. It is also plays on the slogan that President Obama campaigned under "Yes, we can."

"The image and the service name NSAListener suggest a hacktivist agenda," wrote Mr Asrar, "but we haven't ruled out the possibility that additional malware may target financial transactions or other data."

To avoid falling victim to this and other mobile threats, users should avoid downloading apps from unofficial sources and ensure security software is kept up to date, he added.